Feds shutter xDedic, a black market used to commit $68 million in fraud
An online marketplace that facilitated more than $68 million in fraud and cybercrime has been shut down following an international law enforcement operation, the U.S. Department of Justice announced Monday.
Hackers and thieves used the website, known as xDedic, to sell access to compromised computers located around the world and personal information belonging to U.S. residents, prosecutors said. Buyers could search the site by price, operating system or by the geographic region from where it was stolen, prosecutors said. The method of access was usually through credentials for Remote Desktop Protocol (RDP) servers.
The DOJ didn’t name any victims, but said they included major metropolitan transit organizations, emergency services, government agencies, pension funds, universities and others.
The site was shut down in 2016, only to re-emerge soon after on the dark web with the new stipulation that members pay $50 to enter.
“The xDedic marketplace operated across a widely distributed network and utilized bitcoin in order to hide the locations of its underlying servers and the identities of its administrators, buyers, and sellers,” the DOJ said in a statement.
No arrests were reported as part of the operation. U.S. authorities worked closely with law enforcement in Belgium, Ukraine and the European police agency Europol to orchestrate the takedown.
The xDedic site first entered the public consciousness in 2016 when security researchers from Kaspersky Lab showed that the site offered access to hacked servers from well known sites including Target and PayPal. By promising to let its users into such known websites via an easy-to-understand search function, xDedic lowered the barrier to entry for wannabe cybercriminals, Kaspersky said. For example, purchasing access to a European country’s network would have cost a buyer $6 at the time.
“The one-time cost gives a malicious buyer access to all the data on the server and the possibility to use this access to launch further attacks,” reported SecureList, Kaspersky’s blog. “It is a hacker’s dream, simplifying access to victims, making it cheaper and faster, and opening up new possibilities for both cybercriminals and advanced threat actors.”